
我試圖反混淆一段用 opy 混淆過的代碼——如何反混淆 opy 混淆的 Python 代碼?

# coding: UTF-8 
import sys 
# True when the interpreter's major version is 2; selects the branch taken
# inside the decoder function below.
l1l1ll11lll1l_opy_ = sys.version_info [0] == 2 
# Constant offset subtracted from every character's code point while decoding.
l11l11lll1_opy_ = 2048 
# Modulus of the index-dependent part of the per-character shift.
l111l1llllll_opy_ = 7 
def l1l1l11ll11ll_opy_ (l1111111lllll_opy_): 
    """Decode a scrambled string and evaluate the decoded text.

    The last character of the argument is the key and everything before it
    is the payload.  The payload character at index i is mapped back to the
    code point  ord(char) - 2048 - ((i + key) % 7)  (the two module-level
    constants), the characters are joined, and the joined text is handed to
    eval().

    Raises IndexError for an empty argument and ZeroDivisionError for a
    one-character argument (empty payload).

    NOTE(review): the return value is whatever the decoded text evaluates
    to, so calling this function runs code carried in the scrambled input.
    When analysing a sample, return or print the decoded text instead of
    passing it to eval().
    """
    # Declared global, but neither read nor assigned anywhere in this function.
    global l1l11111ll1l1_opy_ 
    # Key: code point of the final character.
    l11ll1ll1l_opy_ = ord (l1111111lllll_opy_ [-1]) 
    # Payload: the argument without its final character.
    l1lll1l1llll_opy_ = l1111111lllll_opy_ [:-1] 
    # Split index derived from the key (modulo by zero if the payload is empty).
    l1lll1l1ll1111_opy_ = l11ll1ll1l_opy_ % len (l1lll1l1llll_opy_) 
    # head + tail taken at the same index rebuilds the payload unchanged.
    l1l1l111ll1_opy_ = l1lll1l1llll_opy_ [:l1lll1l1ll1111_opy_] + l1lll1l1llll_opy_ [l1lll1l1ll1111_opy_:] 
    if l1l1ll11lll1l_opy_: 
     # Python 2 branch: both callables used here are defined outside this
     # listing (presumably renamed unicode / unichr -- confirm).
     l11l11111ll1_opy_ = l1ll1ll111ll_opy_() .join ([l111l1111l_opy_ (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)]) 
    else: 
     # Python 3 branch: same arithmetic with the built-in str / chr.
     l11l11111ll1_opy_ = str() .join ([chr (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)]) 
    # The decoded text is evaluated as a Python expression, not just returned.
    return eval (l11l11111ll1_opy_) 

obf.py。 我真的不知道從哪裏開始..有什麼想法?


只是跟蹤所有的標識符,並試圖將它們重命名爲更有意義的東西。 – ForceBru

回答


第一步可以用正則表達式找出變量(所有變量名都以一串 `l` 和 `1` 字符開頭)。

一旦得到這個變量名的 `set`,就可以借助一個 `dict` 把它們重命名爲更易識別的名稱(例如 'a'..'z')。

查看這些變量上使用的方法和運算符,可以識別哪一個應該是字符串,整數或列表。

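import re

# The obfuscated sample is kept as a plain string and is only searched and
# rewritten as text below; it is never imported, exec'd or eval'd.
text = """# coding: UTF-8 
import sys 
l1l1ll11lll1l_opy_ = sys.version_info [0] == 2 
l11l11lll1_opy_ = 2048 
l111l1llllll_opy_ = 7 
def l1l1l11ll11ll_opy_ (l1111111lllll_opy_): 
    global l1l11111ll1l1_opy_ 
    l11ll1ll1l_opy_ = ord (l1111111lllll_opy_ [-1]) 
    l1lll1l1llll_opy_ = l1111111lllll_opy_ [:-1] 
    l1lll1l1ll1111_opy_ = l11ll1ll1l_opy_ % len (l1lll1l1llll_opy_) 
    l1l1l111ll1_opy_ = l1lll1l1llll_opy_ [:l1lll1l1ll1111_opy_] + l1lll1l1llll_opy_ [l1lll1l1ll1111_opy_:] 
    if l1l1ll11lll1l_opy_: 
     l11l11111ll1_opy_ = l1ll1ll111ll_opy_() .join ([l111l1111l_opy_ (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)]) 
    else: 
     l11l11111ll1_opy_ = str() .join ([chr (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)]) 
    return eval (l11l11111ll1_opy_)""" 


# An obfuscated identifier: a run of three or more 'l' / '1' characters
# followed by further word characters (in this sample, the "_opy_" suffix).
pattern = re.compile(r'\b[l1]{3,}\w+\b') 
original_names = set(re.findall(pattern, text)) 
possible_names = 'abcdefghijklmno' 
# zip() stops at the shorter input, so a shortage of replacement names would
# leave identifiers unmapped and the substitution callback would fail later
# with a bare KeyError.  Report the shortage here instead.
if len(original_names) > len(possible_names):
    raise ValueError(
        "found %d obfuscated names but only %d replacement names are available"
        % (len(original_names), len(possible_names))
    )
# A set has no fixed iteration order, so which letter a name receives can
# differ between runs; zip over sorted(original_names) if the mapping has to
# be reproducible.  The replacement names must also not clash with
# identifiers the sample already uses.
variable_conversion = dict(zip(original_names, possible_names)) 
# Example mapping from one run:
# {'l1ll1ll111ll_opy_': 'a', 'l111l1111l_opy_': 'b', 'l1l1ll11lll1l_opy_': 'c', 'l1111111lllll_opy_': 'm', 'l1l1l111ll1_opy_': 'd', 'l1lll1l1llll_opy_': 'g', 'l11l11lll1_opy_': 'l', 'l1l1l11ll11ll_opy_': 'f', 'l111l1llllll_opy_': 'n', 'l11ll1ll1l_opy_': 'j', 'l1l11111ll1l1_opy_': 'h', 'l1lll1l1ll1111_opy_': 'k', 'l11l11111ll1_opy_': 'e', 'l1lll1_opy_': 'i'} 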

def replace_by_clearer_name(matchobj):
    """Substitution callback for re.sub: map a matched name to its short alias.

    The full text of the match is looked up in the module-level
    ``variable_conversion`` table; a name missing from that table raises
    KeyError.
    """
    return variable_conversion[matchobj.group(0)]

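# Parenthesised so the line is valid on both Python 2 and Python 3.  The
# rewrite is purely textual: the sample held in `text` is never executed.
print(re.sub(pattern, replace_by_clearer_name, text))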

它輸出(`set` 的迭代順序不固定,所以每個變量分到哪個字母可能因運行而異):

# coding: UTF-8 
import sys 
# c: True on a Python 2 interpreter; selects the branch taken inside f.
c = sys.version_info [0] == 2 
# l: constant offset removed from each character's code point.
l = 2048 
# n: modulus of the index-dependent part of the shift.
n = 7 
def f (m): 
    """Decode the scrambled string m and eval() the decoded text.

    j is the key (code point of the last character of m) and g is the
    payload (m without that character).  Each payload character at index i
    becomes the character with code point  ord(char) - l - ((i + j) % n).

    Raises IndexError if m is empty and ZeroDivisionError if m has only
    one character.

    NOTE(review): the function returns the result of eval() on the decoded
    text, so calling it runs code carried in m.  To read what a scrambled
    string contains, return or print e instead of evaluating it.
    """
    # h is declared global but never read or assigned in this function.
    global h 
    j = ord (m [-1]) 
    g = m [:-1] 
    # k is only used as the split index on the next line.
    k = j % len (g) 
    # g[:k] + g[k:] is g again, so d equals the payload unchanged.
    d = g [:k] + g [k:] 
    if c: 
     # Python 2 branch: a and b are not defined in this listing
     # (presumably renamed unicode / unichr -- confirm).
     e = a() .join ([b (ord (char) - l - (i + j) % n) for i, char in enumerate (d)]) 
    else: 
     # Python 3 branch: same arithmetic with the built-in str / chr.
     e = str() .join ([chr (ord (char) - l - (i + j) % n) for i, char in enumerate (d)]) 
    # The decoded text is evaluated as a Python expression, not just returned.
    return eval (e) 

現在看起來更容易管理,對吧?